Applications communicating over networks sometimes open multiple data streams that are part of the same application session. A single instance of an application may also open multiple data streams. This makes it difficult for a network device to determine how many simultaneous network-enabled applications or application instances are operating on a given host. For example, a file transfer protocol (FTP) download may be associated with a control path in addition to the actual download. Additionally, peer-to-peer applications may open several connections to different types of entities (e.g., control server, peers) while only a single file is actually downloaded. The inability to accurately determine how many legitimate applications, processes, threads or other executables are operating makes it difficult to prevent a single device from opening more connections of a given type than a permitted limit allows. A device opening an excessive number of connections may raise security concerns and/or interfere with precise management of quality-of-service adjustments based on some measures of consumed resources.